package com.tsd.core.utils;


import com.tsd.core.vo.HlpException;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

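/**
 * SQL statement helper: validation of untrusted ORDER BY fragments.
 *
 * @author Hillpool
 */
public class SqlUtil {
    /**
     * Deny-list of SQL keywords and metacharacters that must not appear in an
     * ORDER BY fragment. Every alternative is matched as an unanchored
     * substring (so {@code or} also hits inside {@code score}); false positives
     * therefore err on the safe side.
     * <p>
     * The alternation must never start with an empty branch: a leading
     * {@code "|"} matches the empty string at offset 0 and would make the
     * check reject every non-empty input.
     */
    final static String ORDER_BY_PATTERN = "and|exec|execute|insert|select|delete|update|count|drop|\\*|%|chr|mid|master|truncate|char|declare|sitename|net user|xp_cmdshell|;|or|-|\\+|,|like";

    /**
     * Compiled once per class load. {@code CASE_INSENSITIVE} is required:
     * without it a mixed-case keyword such as {@code SELECT} would not be
     * caught by the all-lower-case deny-list.
     */
    private static final Pattern ORDER_BY_DENY =
            Pattern.compile(ORDER_BY_PATTERN, Pattern.CASE_INSENSITIVE);

    /**
     * Rejects an ORDER BY fragment that contains a deny-listed keyword or
     * metacharacter.
     * <p>
     * A deny-list is only a last line of defence. Where possible the caller
     * should map user-supplied sort keys onto a fixed allow-list of column
     * names and direction (ASC/DESC) and never splice raw input into SQL.
     *
     * @param orderBy the ORDER BY fragment to check; a value that
     *                {@link HlpUtils#isEmpty} reports as empty is accepted
     *                without inspection
     * @throws HlpException if the fragment contains a deny-listed token
     */
    static public void checkValidOrderBy(String orderBy) throws HlpException {
        if (HlpUtils.isEmpty(orderBy)) {
            return;
        }
        if (ORDER_BY_DENY.matcher(orderBy).find()) {
            // dangerous request parameter
            throw new HlpException("排序部分存在危险参数");
        }
    }
}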
